lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20101024163308.GA6612@gallifrey>
Date:	Sun, 24 Oct 2010 17:33:09 +0100
From:	"Dr. David Alan Gilbert" <linux@...blig.org>
To:	linux-kernel@...r.kernel.org
Cc:	linux-media@...r.kernel.org, mchehab@...hat.com
Subject: [PATCH] Guard a divide in v4l1 compat layer

Hi,
  I managed to trigger a divide by 0 in the v4l compat code
with the mem2mem test module; I suspect perhaps it shouldn't
have been returning a 0 pixel wide picture, but either way it seems
right to guard this divide by 0 in the compatibility layer.

Tested on 2.6.36 (ubuntu build, but the code in this is the same as upstream), 
but ***not tested with a real video device***.

Signed-off-by: Dr. David Alan Gilbert <linux@...blig.org>
--
diff --git a/drivers/media/video/v4l1-compat.c b/drivers/media/video/v4l1-compat.c
index 0c2105c..d4ac751 100644
--- a/drivers/media/video/v4l1-compat.c
+++ b/drivers/media/video/v4l1-compat.c
@@ -645,9 +645,16 @@ static noinline long v4l1_compat_get_picture(
 		goto done;
 	}
 
-	pict->depth   = ((fmt->fmt.pix.bytesperline << 3)
-			 + (fmt->fmt.pix.width - 1))
-			 / fmt->fmt.pix.width;
+	if (fmt->fmt.pix.width)
+	{
+		pict->depth   = ((fmt->fmt.pix.bytesperline << 3)
+				 + (fmt->fmt.pix.width - 1))
+				 / fmt->fmt.pix.width;
+	} else {
+		err = -EINVAL;
+		goto done;
+	}
+
 	pict->palette = pixelformat_to_palette(
 		fmt->fmt.pix.pixelformat);
 done:

-- 
 -----Open up your eyes, open up your mind, open up your code -------   
/ Dr. David Alan Gilbert    |       Running GNU/Linux       | Happy  \ 
\ gro.gilbert @ treblig.org |                               | In Hex /
 \ _________________________|_____ http://www.treblig.org   |_______/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ